Showing posts with label Share. Show all posts

Tuesday, July 23, 2013

CSRF Policy in Alfresco Share

Since Enterprise 4.1.4, Alfresco Share has included a new CSRF (Cross-Site Request Forgery) policy.
If you want to learn more about CSRF, this page should be useful: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)

In most cases it does not affect you, but in some it does. Here are some of those scenarios:
  • You are making an XMLHttpRequest with method POST, PUT or DELETE without using the Alfresco.util.Ajax or alfresco/core/CoreXhr classes 
  • You are making a form upload with enctype multipart/form-data without using Alfresco.forms.Form 
  • You are using a flash movie inside Share to send http requests with method POST 
  • You are writing a non-browser client, i.e. a mobile app 
  • Another system is sending POST requests to your Alfresco Share server 
  • You are running Alfresco Share behind one or more proxy server(s) and you get errors… 
Of course, each of these situations can be handled individually through CSRFPolicy configuration; however, sometimes you may want to disable this filter altogether.

To do that, add the following snippet to your share-config-custom.xml file.

<config evaluator="string-compare" condition="CSRFPolicy" replace="true">
   <filter>
      <rule>
         <request>
            <method>POST|PUT|DELETE</method>
            <session>
               <attribute name="_alf_USER_ID">.*</attribute>
            </session>
         </request>
         <action name="assertReferer">
            <param name="always">false</param>
         </action>
         <action name="assertOrigin">
            <param name="always">false</param>
         </action>
      </rule>
   </filter>
</config>
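
The override above uses replace="true" and lists only assertReferer and assertOrigin actions, so it is worth checking deployed share-config-custom.xml files for it. The following Python check is an added example, not code from the original post or from Alfresco; `audit_csrf_policy` and `SAMPLE` are names made up here. It assumes the default policy's token check is the action named assertToken, that always=false makes a header optional, and that `<method>` holds a plain alternation.

```python
import xml.etree.ElementTree as ET

STATE_CHANGING = {"POST", "PUT", "DELETE"}
# Constructed input: the override from this post, inside a root element.
SAMPLE = """<alfresco-config>
<config evaluator="string-compare" condition="CSRFPolicy" replace="true">
 <filter><rule>
  <request><method>POST|PUT|DELETE</method>
   <session><attribute name="_alf_USER_ID">.*</attribute></session></request>
  <action name="assertReferer"><param name="always">false</param></action>
  <action name="assertOrigin"><param name="always">false</param></action>
 </rule></filter>
</config>
</alfresco-config>"""

def audit_csrf_policy(xml_text):
    """List weaknesses in CSRFPolicy blocks that replace Share's default."""
    findings = []
    for cfg in ET.fromstring(xml_text).iter("config"):
        if cfg.get("condition") != "CSRFPolicy" or cfg.get("replace") != "true":
            continue  # another config block, or merged rather than replaced
        rules = cfg.findall("./filter/rule")
        if not rules:
            findings.append("no rules: filter checks nothing")
        for rule in rules:
            # Assumption: <method> is a plain alternation such as POST|PUT.
            pattern = rule.findtext("./request/method") or ""
            methods = sorted(STATE_CHANGING & set(pattern.split("|")))
            if not methods:
                continue
            actions = rule.findall("action")
            # Assumption: the token check is the action named assertToken.
            if not any(a.get("name") == "assertToken" for a in actions):
                findings.append("no assertToken for " + "|".join(methods))
            for a in actions:
                if a.get("name") not in ("assertReferer", "assertOrigin"):
                    continue
                params = {p.get("name"): (p.text or "").strip()
                          for p in a.findall("param")}
                # Assumption: always=false skips the check if the header is absent.
                if params.get("always") == "false":
                    findings.append(a.get("name") + ": header optional")
                if not set(params) - {"always"}:
                    findings.append(a.get("name") + ": no expected value")
    return findings

if __name__ == "__main__":
    for finding in audit_csrf_policy(SAMPLE):
        print("WARN", finding)
```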



Thanks to Erik Winlof for the detailed information.

Sunday, September 30, 2012

Alfresco Share in IE Compatibility Mode

Alfresco Share is not supported in Internet Explorer Compatibility View, in both IE8 Compat View and IE9 Compat View.

A number of UI bugs crop up in these browser modes, whereas the same features work even in IE6 (and of course in IE7, IE8 onwards).

For example, one of the features that does not work in Compat View is inserting an image in a Wiki page.

Thursday, September 6, 2012

Alfresco Certified Engineer (ACE)

A proud moment for me to announce: I became an Alfresco Certified Engineer yesterday. It has been a good experience to review where I am after working on Alfresco for the last 4 years, since Alfresco 2.1.

For those who are targeting the certification, here is some useful information.

 

These are the areas in which you will be tested.

  • The Alfresco architecture and Repository
  • Understand, design and create content models and custom object types and aspects
  • Package and deploy Alfresco extensions and modules
  • Develop extensions for the Alfresco Explorer Web Client
  • Develop applications and Services using the Alfresco APIs (Foundation Services, JCR, Web Services)
  • Understand, define, customize and deploy Advanced Workflows and Task Models
  • Understand how workflows interact with content
  • Connect to external applications using Web Services and protocols like SOAP & CMIS

There are 80 questions and you have 60 minutes to answer these. You need to secure at least 75% to become an ACE.

These are the courses that will help you pass the certification:

  • Alfresco Fundamentals Course
  • Alfresco Web Scripts Course
  • Alfresco Share Configuration Course
  • API Development Training Course
  • Alfresco Workflow Training Course
However, there is no formal requirement or pre-requisite for these courses or training.

Here is how the certification questions are divided by category:

Architectural Core 39%
Repository Customization 22%
Web Scripting 13%
UI Customization 14%
Web Services 12%

Types of questions.

  • Multiple Choice — you need to select one option that best answers the question or completes a statement.
  • Multiple Responses — select more than one option that best answers the question or completes a statement. The text states how many options are correct, such as Choose two.
  • Sample Directions — read the statement or question. From the response options, select the option(s) that represent the most correct or best answer(s) given the information provided.
  • True/False — select either true or false as the answer.
  • Hotspot — you have to click on the correct area within an image. There is only one correct answer to this type of question.

Wednesday, August 22, 2012

Hiding the Header bar of Alfresco Share portlets in Liferay

Recently I was creating a demo for one of our customers who wanted to use Share portlets in Liferay.

Environment: Alfresco 4.0.2, Liferay 6.1.0

The Share portlets were easily deployed and working in Liferay. However, the default Share header bar was not expected inside the portlet.


It looked as if there were two navigation bars on the screen: one from the Liferay navigation, the other the Share header.

Thus I needed to get rid of the header, but since the same page used by the Share application is also used in the portlet container, I couldn't simply remove it.

I added a few lines to the site-webscripts/org/alfresco/header.get.html.ftl file.

<#assign portlet = context.attributes.portletHost!false>
<#if portlet>
    <#assign todo="we are not displaying header in portlet context. so nothing to do">
<#else>
    <#-- The original Header generator FTL code goes here -->
</#if>

With this change the header bar is not rendered inside the portlet, but it is still displayed as usual in the Share application.


Friday, February 18, 2011

Workflows for Deleted Sites in Share

You can very well delete a site in Alfresco Share. However, what happens to the workflows in progress in that site?

If you delete a site, its workflows remain as they are. For example, if a document approval flow is in progress in a particular site and you then delete the site, the workflow still stays, so when you try to approve or reject the document, it behaves erratically.

The workflows should also be cancelled or deleted when you remove a site in Alfresco.
Does the same apply to any space as well? It should first check whether any workflow is in progress in that space or sub-space.

Sunday, February 6, 2011

Alfresco Share Extra Dashlets

Wonderful effort by Will Abson.
Some interesting Alfresco Share extension dashlets can be found at http://code.google.com/p/share-extras/

Wednesday, December 1, 2010

Deploying Alfresco Share portlets in Liferay

The Web Scripts as Portlets tutorials discussed how to deploy Alfresco Web Scripts as Liferay portlets. In this tutorial we will see how to deploy Alfresco Share 3.4 portlets in Liferay.

In the latest community release 3.4b, Alfresco has come up with three new portlets as part of the Share distribution.
  1. Repository Browser
  2. Site Document Library
  3. My Document Library
These are more popularly known as the Share DocLib portlets.

Some of the important capabilities of these portlets are -
  • Create Content, Create Folder, Upload
  • Navigate Breadcrumbs, RSS Feed, Hide/Show Folders
  • Simple/Detailed View
  • Filters - All Documents/I'm Editing/Others are Editing/Recently Modified, Recently Added, My Favorites
  • Hierarchical folder browsing
  • Tag browsing
  • Simple Document Details Page
  • Document Details Page including all existing standard Document Actions, Version history, Commenting
  • Edit Document Metadata
  • Simple Folder Details Page (Popup)
  • Folder Details Page - All existing standard folder actions
  • Edit Folder Metadata
In this tutorial, we will explore the steps to deploy these portlets in Liferay.
This is what it would look like.











Environment

  • Liferay 5.2.3
  • Alfresco 3.4b
  • Tomcat 6.0.18
  • MySQL 5
  • Windows 7
  • JDK 6

Download

Assuming you have the Tomcat bundle of Liferay up and running (you can download from here), download the Alfresco 3.4 packages.

Deployment

  1. Unzip the downloaded Alfresco 3.4 bundle. It contains three folders: bin, licenses and web-server.
  2. Copy the contents of the bin folder into the \tomcat-6.0.18\bin folder.
  3. Copy the contents of the licenses folder into the license folder.
  4. Copy the files of the web-server\endorsed folder into the \tomcat-6.0.18\endorsed folder. Create the folder if it does not exist.
  5. Copy the files of the web-server\lib folder into the \tomcat-6.0.18\lib folder.
  6. Copy the contents of the web-server\shared folder into the \tomcat-6.0.18\shared folder. Create the shared folder if it does not exist.
  7. Create a database named alfresco in your local MySQL server. Create a user named alfresco with the same password, and give the user all permissions on the new database.
  8. Open the catalina.properties file from the \tomcat-6.0.18\conf folder in your text editor, and set the value of shared.loader to ${catalina.base}/shared/classes,${catalina.base}/shared/lib/*.jar
    The line should look like this:
    shared.loader=${catalina.base}/shared/classes,${catalina.base}/shared/lib/*.jar
  9. Copy the web-server\webapps\alfresco.war file into Tomcat's webapps folder, \tomcat-6.0.18\webapps.
  10. Now start your Tomcat server (we haven't deployed Share yet). The server might take a few minutes to start up. Both Liferay and Alfresco should be deployed. The bootstrap should create the tables Alfresco needs in your MySQL database. Once the server is up and running, you can access the Liferay portal as well as the Alfresco Web Client application in your browser.
  11. Now copy the web-server\webapps\alfresco.war file into your Liferay deploy folder. This should ideally be located alongside your tomcat-6.0.18 folder.
  12. In the Tomcat server log, you will see that the Share application is being deployed on the server.
    Check that the following log lines appear. They mean your Share portlets have been recognized and deployed by Liferay.
    INFO [PortletHotDeployListener:227] Registering portlets for share
    INFO [PortletHotDeployListener:351] 3 portlets for share are available for use
  13. Once the deployment is done, we are just a few steps away. We need to configure the permission model of the Alfresco and Share applications so that the portlets can run properly in Liferay. Stop the Tomcat server.
  14. Rename the alfresco-global.properties.sample file to alfresco-global.properties (in the \tomcat-6.0.18\shared\classes folder) and open the file. Append the following two lines at the end of the file.

    authentication.chain=alfrescoNtlm1:alfrescoNtlm,external1:external
    external.authentication.proxyUserName=
  15. Then open the share-config-custom.xml file from the \tomcat-6.0.18\shared\classes\alfresco\web-extension folder, and append the following lines.

    <!-- Overriding endpoints to reference a remote Alfresco server -->
    <config evaluator="string-compare" condition="Remote">
       <remote>

          <endpoint>
             <id>alfresco-noauth</id>
             <name>Alfresco - unauthenticated access</name>
             <description>Access to Alfresco Repository WebScripts that do not require authentication</description>
             <connector-id>alfresco</connector-id>
             <endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
             <identity>none</identity>
          </endpoint>

          <endpoint>
             <id>alfresco-feed</id>
             <name>Alfresco Feed</name>
             <description>Alfresco Feed - supports basic HTTP authentication</description>
             <connector-id>http</connector-id>
             <endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
             <basic-auth>true</basic-auth>
             <identity>user</identity>
          </endpoint>

          <connector>
             <id>alfrescoCookie</id>
             <name>Alfresco Connector</name>
             <description>Connects to an Alfresco instance using cookie-based authentication</description>
             <class>org.springframework.extensions.webscripts.connector.AlfrescoConnector</class>
          </connector>

          <endpoint>
             <id>alfresco</id>
             <name>Alfresco - user access</name>
             <description>Access to Alfresco Repository WebScripts that require user authentication</description>
             <connector-id>alfrescoCookie</connector-id>
             <endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url>
             <identity>user</identity>
             <external-auth>true</external-auth>
          </endpoint>

       </remote>
    </config>

  16. Restart your Tomcat server. Once the server is up, open the Liferay portal, log in as Administrator, and try to add a new portlet. In the list of available portlets you will see a new group named Alfresco containing three portlets.


You can add any of the portlets from here and test their functionality. You now have the full Alfresco Share document library features in your portal!

Tuesday, November 23, 2010

Site create permission restriction on 3.4

The Alfresco guys have been broadcasting about restricting the Site Create permission for users. Earlier, all users could create sites on their own. There was no feature or permission set to control who can create a site and who cannot.

However, in 3.4, they have introduced a mechanism to restrict this.
http://wiki.alfresco.com/wiki/Site_Service#Controlling_who_can_create_sites

But is this solution good? This mechanism has been there for a long time; it is not new in 3.4. However, in 3.4 you can manage it through the Share interface, with no need to go to the Web Client. What you need to do is revoke the Contributor privilege from EVERYONE on the Sites parent folder; when a normal user then tries to create a site, a nasty error is presented. It would have been better if the Create Site link itself disappeared when a user does not have permission to create one.